BreachExchange mailing list archives
Re: BoA breach - possible Wal-Mart connection?
From: Chris Walsh <cwalsh () cwalsh org>
Date: Sat, 11 Feb 2006 20:05:43 -0600
And to be specific, is it Sam's Club, which was reported as being breached in early December 2005, and where Wal-Mart denied that a computer system of theirs had been compromised? Where Gartner and American Banker chided Visa and MC for hordeing info and playing favorites? Where PCI standards were not followed and stripe data were stored? Wow. The connection between the BofA/Wamu/Wells Fargo card reissues, and the earlier one by Regions Bank, and the months earlier ones by the Alabama Credit Union, et. al. is one I semi-drew (http:// www.emergentchaos.com/archives/002414.html). I didn't think there was enough to pin it on Sam's Club, especially since BofA said a processor wasn't involved. How would a retailer lose so much info, especially since reports in December were that the detected frauds likely were from customers who bought gasoline at Sam's Club? Sam's Club said this on 12/2/2005 (http://www.prnewswire.com/cgi-bin/ stories.pl?ACCT=104&STORY=/www/story/12-02-2005/0004227070): " SAM'S CLUB stressed that the electronic systems and databases used inside its stores and for http://samsclub.com are not involved." So, databases "inside its stores" and the web site didn't get penetrated. That leaves, uh, POS devices, and....dare I say it...*wireless*? If we find out that they got p0wned via wireless (a la Lowes, back in 2003?) I will fall off my chair. This could be huge. Wal-Mart wants to get into the banking business, and (if true) this isn't exactly a ringing endorsement. Early in December, I had some fun with ID Analytics and used their numbers to argue that this breach would have exposed 600,000 accounts. It doesn't seem like fun, now. On Feb 11, 2006, at 6:54 PM, lyger wrote:
Bank Card Reissues May Be Linked to Wal-Mart Breach By Paul F. Roberts and Matt Hines <mailto:matt_hines () ziffdavis com> February 10, 2006 In what appears to be a widening incident, Bank of America, MasterCard and Visa all announced this week that they have been informed of a potential security breach at a U.S.-based retailer. The companies refused to name the retailer involved, but at least one bank said that systems belonging to Wal-Mart Stores, the world's largest retailer, may be to blame. http://security.ithub.com/article/Bank+Card+Reissues+May+Be+Linked +to+WalMar t+Breach/171328_1.aspx _______________________________________________ Dataloss mailing list Dataloss () attrition org https://attrition.org/mailman/listinfo/dataloss
_______________________________________________ Dataloss mailing list Dataloss () attrition org https://attrition.org/mailman/listinfo/dataloss
Current thread:
- BoA breach - possible Wal-Mart connection? lyger (Feb 11)
- Re: BoA breach - possible Wal-Mart connection? Chris Walsh (Feb 11)